Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/5335e2-1598-4822-8227-8353aa40baeb/1/cbASN3fk18Tj9McpzsqARVXR-pM.roa
File:                     cbASN3fk18Tj9McpzsqARVXR-pM.roa (raw, json)
Hash identifier:          aAGlbD4TDLIdbw1wI2aN8qbwooD1yBpWxGj+IoRRzpM=
Subject key identifier:   71:B0:12:37:77:E4:D7:C4:E3:F4:C7:29:CE:CA:80:45:55:D1:FA:93
Certificate issuer:       /CN=e38f10a2c792d0d365678a36ca7f7f1409ca3afd
Certificate serial:       019425FC2943136924BD9D607597C26DBBE6
Authority key identifier: E3:8F:10:A2:C7:92:D0:D3:65:67:8A:36:CA:7F:7F:14:09:CA:3A:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/448QoseS0NNlZ4o2yn9_FAnKOv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/5335e2-1598-4822-8227-8353aa40baeb/1/cbASN3fk18Tj9McpzsqARVXR-pM.roa
Signing time:             Thu 02 Jan 2025 07:47:50 +0000
ROA not before:           Thu 02 Jan 2025 07:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64472
IP address blocks:        185.162.180.0/23 maxlen: 23
                          185.162.182.0/24 maxlen: 24
                          2a0a:9000::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/5335e2-1598-4822-8227-8353aa40baeb/1/448QoseS0NNlZ4o2yn9_FAnKOv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/5335e2-1598-4822-8227-8353aa40baeb/1/448QoseS0NNlZ4o2yn9_FAnKOv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/448QoseS0NNlZ4o2yn9_FAnKOv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 03:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:29:43:13:69:24:bd:9d:60:75:97:c2:6d:bb:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e38f10a2c792d0d365678a36ca7f7f1409ca3afd
        Validity
            Not Before: Jan  2 07:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71b0123777e4d7c4e3f4c729ceca804555d1fa93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:da:50:ce:22:68:49:94:67:66:69:08:31:5d:
                    64:92:63:06:3d:30:f4:c8:19:76:3f:37:1c:ef:c4:
                    99:1f:68:f3:63:8d:07:60:13:69:d8:ef:66:0f:d3:
                    10:69:4e:8f:0a:0e:49:84:9e:fa:2a:7f:7d:cd:fb:
                    b8:a4:03:8c:ae:cd:82:0b:ab:c4:5a:dc:c8:9d:82:
                    95:3f:8f:66:97:d8:fd:0a:de:ca:5d:36:e0:be:28:
                    ae:01:dc:d6:07:7c:04:10:27:90:d7:84:3c:5a:97:
                    11:8c:8b:c0:27:21:f4:b9:b2:76:47:8c:c1:76:a8:
                    70:bb:3f:2e:ed:f0:ab:43:63:df:42:21:ea:11:29:
                    55:61:63:af:49:c9:a3:8f:9d:65:5f:11:cc:98:92:
                    92:8b:b6:79:ac:37:46:6f:5a:cb:63:67:e0:c7:fa:
                    0d:5e:18:12:12:9f:ea:49:de:ed:dd:15:f6:c7:d2:
                    50:fd:ed:a9:22:4a:cd:cf:f6:61:eb:13:ba:5e:11:
                    8d:d8:20:0b:34:27:8f:2f:ef:8d:c5:d4:fe:df:df:
                    4b:b2:06:d2:7a:93:ed:bf:d3:b2:6f:50:93:98:a3:
                    2b:95:9e:12:9d:dd:e6:95:35:4b:04:3b:d0:db:37:
                    45:0a:12:52:e2:44:fc:cf:91:78:9b:9a:06:f7:aa:
                    66:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B0:12:37:77:E4:D7:C4:E3:F4:C7:29:CE:CA:80:45:55:D1:FA:93
            X509v3 Authority Key Identifier:
                keyid:E3:8F:10:A2:C7:92:D0:D3:65:67:8A:36:CA:7F:7F:14:09:CA:3A:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/448QoseS0NNlZ4o2yn9_FAnKOv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/5335e2-1598-4822-8227-8353aa40baeb/1/cbASN3fk18Tj9McpzsqARVXR-pM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/5335e2-1598-4822-8227-8353aa40baeb/1/448QoseS0NNlZ4o2yn9_FAnKOv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.180.0-185.162.182.255
                IPv6:
                  2a0a:9000::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:f6:1b:d4:6a:19:14:b9:18:83:8b:3f:7a:c3:ba:a5:07:41:
         ff:79:15:35:b9:0f:49:11:2d:75:fb:80:2c:58:e7:96:86:e9:
         58:8e:d2:68:b5:fa:a9:65:1e:f2:d1:31:0e:bb:a5:2d:15:76:
         23:f9:7e:c7:c8:dd:29:37:1b:d3:e8:cd:e6:72:c5:9d:db:6a:
         b1:86:11:3c:cb:6d:c0:cd:43:a5:54:cf:d9:90:be:04:77:fa:
         57:51:ff:9e:6a:6b:fb:11:89:95:d9:be:4b:69:a3:1b:29:97:
         77:11:d6:99:45:0a:2e:5a:54:64:65:04:aa:0b:0d:a4:0e:01:
         0b:fd:f0:98:d0:d2:9a:13:35:43:fe:f3:b7:91:ae:fa:0c:df:
         d8:bf:f4:84:ee:a9:cc:0c:42:1b:88:aa:6f:54:27:a7:39:47:
         19:38:44:2a:44:d5:02:c8:e9:a9:12:e6:c8:f0:75:f2:c5:89:
         09:19:3a:c2:aa:c0:cf:86:eb:de:f5:43:b4:99:6f:9a:39:0a:
         c5:2a:43:ec:95:2a:82:95:b1:55:d0:6d:46:3b:ca:f2:e3:41:
         50:8c:af:96:fa:63:80:db:06:1c:2f:9b:e7:94:44:70:d4:88:
         2a:9a:0a:ec:66:92:3b:15:01:8e:8f:15:03:f7:7b:89:06:98:
         f1:42:9d:60
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQl/ClDE2kkvZ1gdZfCbbvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOGYxMGEyYzc5MmQwZDM2NTY3OGEzNmNhN2Y3ZjE0MDlj
YTNhZmQwHhcNMjUwMTAyMDc0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWIwMTIzNzc3ZTRkN2M0ZTNmNGM3MjljZWNhODA0NTU1ZDFmYTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09pQziJoSZRnZmkIMV1kkmMGPTD0
yBl2Pzcc78SZH2jzY40HYBNp2O9mD9MQaU6PCg5JhJ76Kn99zfu4pAOMrs2CC6vE
WtzInYKVP49ml9j9Ct7KXTbgviiuAdzWB3wEECeQ14Q8WpcRjIvAJyH0ubJ2R4zB
dqhwuz8u7fCrQ2PfQiHqESlVYWOvScmjj51lXxHMmJKSi7Z5rDdGb1rLY2fgx/oN
XhgSEp/qSd7t3RX2x9JQ/e2pIkrNz/Zh6xO6XhGN2CALNCePL++NxdT+399LsgbS
epPtv9Oyb1CTmKMrlZ4Snd3mlTVLBDvQ2zdFChJS4kT8z5F4m5oG96pmYwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFHGwEjd35NfE4/THKc7KgEVV0fqTMB8GA1UdIwQY
MBaAFOOPEKLHktDTZWeKNsp/fxQJyjr9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDQ4UW9zZVMwTk5sWjRvMnluOV9GQW5LT3YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi81MzM1ZTItMTU5OC00ODIyLTgyMjct
ODM1M2FhNDBiYWViLzEvY2JBU04zZmsxOFRqOU1jcHpzcUFSVlhSLXBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi81MzM1ZTItMTU5OC00ODIyLTgyMjctODM1M2FhNDBiYWVi
LzEvNDQ4UW9zZVMwTk5sWjRvMnluOV9GQW5LT3YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAK5orQD
BAC5orYwDQQCAAIwBwMFAyoKkAAwDQYJKoZIhvcNAQELBQADggEBADv2G9RqGRS5
GIOLP3rDuqUHQf95FTW5D0kRLXX7gCxY55aG6ViO0mi1+qllHvLRMQ67pS0VdiP5
fsfI3Sk3G9PozeZyxZ3barGGETzLbcDNQ6VUz9mQvgR3+ldR/55qa/sRiZXZvktp
oxspl3cR1plFCi5aVGRlBKoLDaQOAQv98JjQ0poTNUP+87eRrvoM39i/9ITuqcwM
QhuIqm9UJ6c5Rxk4RCpE1QLI6akS5sjwdfLFiQkZOsKqwM+G6971Q7SZb5o5CsUq
Q+yVKoKVsVXQbUY7yvLjQVCMr5b6Y4DbBhwvm+eURHDUiCqaCuxmkjsVAY6PFQP3
e4kGmPFCnWA=
-----END CERTIFICATE-----